We use CDKTF to set up the following per environment.
The network is split into three tiers. The public subnets hold the bastion hosts and the ALB, the private subnets hold the compute workloads, and the db subnets hold the databases.
A bastion host in the public tier provides access to the private and db subnets; its primary job is to let operators SSH into instances.
RDS is a PostgreSQL instance. It is reachable only from addresses inside the VPC CIDR, never directly from the internet.
The workloads run on an ECS cluster backed by plain EC2 instances rather than Fargate. Fargate would work too, but EC2 is roughly 3x more cost efficient than Fargate for these workloads.
The ALB creates the necessary HTTP and TLS listeners. You can either import a certificate ARN manually or let Adikal provision one for you.
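The tiering above only holds if the synthesized security groups actually enforce it: nothing but the ALB and bastion groups should accept traffic from 0.0.0.0/0, and the database group should admit traffic only by security-group reference, never by CIDR. The following checker is an added example, not part of the project's CDKTF code. It reads the Terraform JSON that `cdktf synth` writes (normally `cdk.tf.json` under `cdktf.out/`), and the inline sample plan, its resource names (`alb_sg`, `bastion_sg`, `ecs_sg`, `db_sg`, `postgres`) and the bastion source address are constructed for illustration:

```python
"""Flag tier violations in a synthesized cdktf plan (Terraform JSON).

Added example; the sample plan, resource names and CIDRs are hypothetical.
"""
import copy
import json
import re

PG_PORT = 5432
WORLD = {"0.0.0.0/0", "::/0"}
# Terraform JSON references look like ${aws_security_group.<name>.id}
SG_REF = re.compile(r"\$\{aws_security_group\.([A-Za-z0-9_-]+)\.id\}")

# Constructed sample of a cdk.tf.json, trimmed to the resources that matter.
SAMPLE_PLAN = json.loads("""
{"resource": {
  "aws_security_group": {
    "alb_sg": {"name": "alb", "ingress": [
      {"from_port": 80,  "to_port": 80,  "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
      {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]},
    "bastion_sg": {"name": "bastion", "ingress": [
      {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["203.0.113.10/32"]}]},
    "ecs_sg": {"name": "ecs", "ingress": [
      {"from_port": 0, "to_port": 65535, "protocol": "tcp",
       "security_groups": ["${aws_security_group.alb_sg.id}"]}]},
    "db_sg": {"name": "db", "ingress": [
      {"from_port": 5432, "to_port": 5432, "protocol": "tcp",
       "security_groups": ["${aws_security_group.ecs_sg.id}", "${aws_security_group.bastion_sg.id}"]}]}
  },
  "aws_db_instance": {
    "postgres": {"engine": "postgres", "publicly_accessible": false,
                 "vpc_security_group_ids": ["${aws_security_group.db_sg.id}"]}
  }
}}
""")


def _as_list(value):
    """Terraform JSON allows a single block or a list of blocks; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _sg_refs(values):
    """Extract security-group names from ${aws_security_group.<name>.id} references."""
    return [m.group(1) for v in _as_list(values) if (m := SG_REF.fullmatch(str(v)))]


def find_exposures(plan, public_sgs=("alb_sg", "bastion_sg")):
    """Return a list of violations; an empty list means the plan respects the three tiers."""
    problems = []
    resources = plan.get("resource", {})
    sgs = resources.get("aws_security_group", {})
    dbs = resources.get("aws_db_instance", {})

    # Rule 1: only the public-tier groups may accept traffic from anywhere.
    for sg_name, sg in sgs.items():
        for rule in _as_list(sg.get("ingress")):
            cidrs = set(_as_list(rule.get("cidr_blocks"))) | set(_as_list(rule.get("ipv6_cidr_blocks")))
            if cidrs & WORLD and sg_name not in public_sgs:
                problems.append(f"{sg_name}: ports {rule.get('from_port')}-{rule.get('to_port')} open to the internet")

    # Rule 2: databases are never public and are reachable only by security-group reference.
    for db_name, db in dbs.items():
        if db.get("publicly_accessible", False):
            problems.append(f"{db_name}: publicly_accessible is true")
        for sg_name in _sg_refs(db.get("vpc_security_group_ids")):
            sg = sgs.get(sg_name)
            if sg is None:
                problems.append(f"{db_name}: references unknown security group {sg_name}")
                continue
            for rule in _as_list(sg.get("ingress")):
                if rule.get("cidr_blocks") or rule.get("ipv6_cidr_blocks"):
                    problems.append(f"{sg_name}: database ingress granted by CIDR instead of security group")
                for src in _sg_refs(rule.get("security_groups")):
                    if src not in sgs:
                        problems.append(f"{sg_name}: ingress from unknown security group {src}")
    return problems


def leaky_plan():
    """Constructed counter-example: same layout, but the db group is opened to the world and RDS made public."""
    plan = copy.deepcopy(SAMPLE_PLAN)
    plan["resource"]["aws_security_group"]["db_sg"]["ingress"] = [
        {"from_port": PG_PORT, "to_port": PG_PORT, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}
    ]
    plan["resource"]["aws_db_instance"]["postgres"]["publicly_accessible"] = True
    return plan


if __name__ == "__main__":
    import sys
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for problem in find_exposures(plan):
        print("FAIL", problem)
```

Run it against the stack's `cdk.tf.json` after `cdktf synth`; the sample plan passes, and `leaky_plan()` shows the three findings you would want a CI gate to block. The security-group names in a real synth output carry cdktf's generated logical ids, so pass the actual public-tier names in `public_sgs` rather than relying on the defaults.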
You need cdktf installed. We use OpenTofu instead of Terraform, so cdktf must be pointed at the tofu binary.
You also need the following environment variables set:
export AWS_PROFILE=nirai_profile
export AWS_REGION=us-east-1
export TERRAFORM_BINARY_NAME=/opt/homebrew/bin/tofu
The values above are only for illustration. Use your own profile, region and path to the tofu binary.